| HN Mirror

Not really a great analogy: unless you are employees or shareholders, it's not really your "house". If you are a dedicated customer, you may be more invested in the welfare of the company than most customers, who mostly just care about their personal interests (products or services they've paid for and any personal information that company keeps on record).

I tried to cook-up a comic store analogy where the loyal customer is most concerned about their orders and personal contact info being stolen than the merchandise of their favourite shop, but that analogy ignored the fact that what LulzSec did to Bethesda is essentially the following: making copies of the shop's inventory manifest, latest promotional program, and names of customers in a Rolodex, and then publishing all that info online (or in a local comic hobbist newsletter). Other than the loss of potential business and the trust of their customers, are the owners and employees likely to suffer as a result of this break-in? I tend to think that lost business will be minor, especially if customer privacy and interests are not noticeably compromised by the break-in.

Not trying to start a morality debate (unless that's welcome here?). I just wanted to point out why I tend to see "black hat security audits" as generally to the victims' benefit, when individuals aren't likely to suffer as a direct result. In the reality of my above analogy, the comic shop is likely going to invest in better security after this kind of break in, which is a positive outcome for the business and the customers. Only the very paranoid or "security minded" customers will choose to take their business elsewhere after the break-in, which likely amounts to very little lost business to the shop.